Vulnerabilities in nocodb
58 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-47388 | LOW | NocoDB: Missing Ownership Check in MCP Attachment Read | 0.2% |
| CVE-2026-47382 | MEDIUM | NocoDB: Server-Side Request Forgery via Database Connection Host | 0.2% |
| CVE-2026-24767 | MEDIUM | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality | 0.2% |
| CVE-2026-47386 | MEDIUM | NocoDB: OAuth Authorization Code Race Condition | 0.2% |
| CVE-2026-46554 | LOW | NocoDB: Stale Auth Cache After API Token Deletion | 0.2% |
| CVE-2026-47380 | MEDIUM | NocoDB: User Enumeration via Sign-In Timing | 0.2% |
| CVE-2026-28360 | LOW | NocoDB: Plaintext Storage of Shared View Passwords | 0.2% |
| CVE-2026-28396 | MEDIUM | NocoDB: Refresh Tokens Not Revoked on Password Reset | 0.2% |
| CVE-2026-28397 | MEDIUM | NocoDB: Stored Cross-Site Scripting via Comments | 0.2% |
| CVE-2026-28401 | MEDIUM | NocoDB: Stored Cross-Site Scripting via Rich Text Cells | 0.2% |
| CVE-2026-46548 | MEDIUM | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) | 0.2% |
| CVE-2026-28361 | MEDIUM | NocoDB: Missing Ownership Validation in MCP Token Operations | 0.2% |
| CVE-2026-46549 | LOW | NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation | 0.2% |
| CVE-2026-46547 | MEDIUM | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL | 0.1% |
| CVE-2026-28359 | MEDIUM | NocoDB: Stored Cross-Site Scripting via Rich Text Field | 0.1% |
| CVE-2026-28357 | MEDIUM | NocoDB: Stored Cross-Site Scripting via Formula Cell | 0.1% |
| CVE-2026-28398 | MEDIUM | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells | 0.1% |
| CVE-2026-46550 | MEDIUM | NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags | 0.1% |